CVE-2025-36460: CWE-805 - Buffer Access with Incorrect Length Value in Broadcom BCM5820X
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 2 (`WBIO_USH_GET_IDENTITY`) with an improper `ReceiveBufferSize` value.
AI Analysis
Technical Summary
CVE-2025-36460 is a buffer access vulnerability classified under CWE-805 (Buffer Access with Incorrect Length Value) in the Broadcom BCM5820X-based Dell ControlVault3 and ControlVault3 Plus, fixed in versions 5.15.14.19 and 6.2.36.47 respectively. Per the Talos description, the defect lives in the host-side ControlVault WBDI (Windows Biometric Driver Interface) driver's Broadcom Storage Adapter and is reached through the Windows Biometric Framework's WinBioControlUnit API: when the ControlCode is 2 (WBIO_USH_GET_IDENTITY) and ReceiveBufferSize is between 4 and 79 bytes, the driver writes up to 75 bytes past the end of the caller's receive buffer. The trigger range implies that the driver checks the supplied size only against a small minimum, then copies the full identity record regardless of how large the buffer actually is, which is exactly the CWE-805 pattern. The bytes written are null bytes when no identity is stored, and become attacker-controlled only if a second vulnerability lets the attacker plant chosen data as the Identity in the ControlVault database; without that, the primitive is a partial zero-write rather than a controlled write, which is the main obstacle to turning the corruption into code execution. The advisory covers out-of-bounds reads as well as writes, so disclosure of adjacent driver memory is in scope alongside memory corruption, privilege escalation and denial of service through a driver crash. Exploitation requires local access, since the attacker must invoke the API call from code running on the host, and the analysis additionally rates it as requiring user interaction; the CVSS 3.1 base score is 7.3 (High) because confidentiality, integrity and availability are all affected. No public exploit is known at the time of writing, and complexity is moderate given the need for local code execution and a crafted call. The BCM5820X is the security processor behind Dell ControlVault, shipped in Dell business laptops (Latitude and Precision lines) for fingerprint, smart card and NFC authentication and credential storage, so the affected population in enterprise fleets is large.
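The following is an added illustration of the CWE-805 pattern described above; it is not code from the Dell or Broadcom driver, whose internals are not on this page. It models a control-unit handler for control code 2 in two versions: one that validates ReceiveBufferSize only against a header-sized minimum and then copies a whole identity record, and one that bounds the copy by the caller's size. The record layout (a 4-byte header inside a 79-byte response), the status codes and the function names are assumptions chosen so that the model reproduces the advisory's figures (buffers of 4 to 79 bytes trigger, at most 75 bytes overflow); the caller's buffer is carved from a canary-filled arena so the overflow can be counted without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Control code 2 is WBIO_USH_GET_IDENTITY from the advisory. The record
 * sizes are ASSUMED (not the real driver's): a 79-byte identity response
 * whose first 4 bytes are a header, which reproduces the advisory's
 * figures of a 4..79 byte trigger range and at most 75 bytes overflow. */
#define WBIO_USH_GET_IDENTITY   2u
#define IDENTITY_HEADER_LEN     4u
#define IDENTITY_RESPONSE_LEN   79u

enum ctl_status { CTL_OK = 0, CTL_BUFFER_TOO_SMALL = 1, CTL_BAD_CONTROL_CODE = 2 };

typedef int (*control_fn)(uint32_t code, uint8_t *recv, size_t recv_size,
                          size_t *recv_used);

/* Constructed identity record with non-zero bytes so writes are visible.
 * A device with no stored identity would return zeros, which is why the
 * advisory describes the overflowing data as null bytes by default. */
static void build_identity(uint8_t rec[IDENTITY_RESPONSE_LEN])
{
    for (size_t i = 0; i < IDENTITY_RESPONSE_LEN; i++)
        rec[i] = (uint8_t)(0x40 + i);
}

/* Vulnerable model (CWE-805): the size check only guards the header, while
 * the copy length is taken from the record rather than from the caller. */
static int vulnerable_control_unit(uint32_t code, uint8_t *recv,
                                   size_t recv_size, size_t *recv_used)
{
    uint8_t rec[IDENTITY_RESPONSE_LEN];

    if (code != WBIO_USH_GET_IDENTITY)
        return CTL_BAD_CONTROL_CODE;
    if (recv_size < IDENTITY_HEADER_LEN)        /* wrong bound: 4, not 79 */
        return CTL_BUFFER_TOO_SMALL;

    build_identity(rec);
    memcpy(recv, rec, IDENTITY_RESPONSE_LEN);   /* overflows if recv_size < 79 */
    *recv_used = IDENTITY_RESPONSE_LEN;
    return CTL_OK;
}

/* Hardened model: compare the caller's size against the full length that
 * will be written, and report the required size when rejecting the call. */
static int hardened_control_unit(uint32_t code, uint8_t *recv,
                                 size_t recv_size, size_t *recv_used)
{
    uint8_t rec[IDENTITY_RESPONSE_LEN];

    if (code != WBIO_USH_GET_IDENTITY)
        return CTL_BAD_CONTROL_CODE;
    *recv_used = IDENTITY_RESPONSE_LEN;         /* tell the caller what it needs */
    if (recv == NULL || recv_size < IDENTITY_RESPONSE_LEN)
        return CTL_BUFFER_TOO_SMALL;

    build_identity(rec);
    memcpy(recv, rec, IDENTITY_RESPONSE_LEN);   /* now in bounds by construction */
    return CTL_OK;
}

/* Sandbox: the caller's buffer is the first recv_size bytes of a canary-filled
 * arena, so bytes written past it are countable. Returns that count. */
#define ARENA_LEN 256u
#define CANARY    0xA5u

static size_t run_in_arena(control_fn fn, size_t recv_size, int *status)
{
    uint8_t arena[ARENA_LEN];
    size_t used = 0, clobbered = 0;

    if (recv_size > ARENA_LEN)
        recv_size = ARENA_LEN;
    memset(arena, CANARY, sizeof arena);
    *status = fn(WBIO_USH_GET_IDENTITY, arena, recv_size, &used);
    for (size_t i = recv_size; i < ARENA_LEN; i++)
        if (arena[i] != CANARY)
            clobbered++;
    return clobbered;
}

static size_t clobbered_bytes(control_fn fn, size_t recv_size)
{
    int status;
    return run_in_arena(fn, recv_size, &status);
}

static int call_status(control_fn fn, size_t recv_size)
{
    int status;
    (void)run_in_arena(fn, recv_size, &status);
    return status;
}

int main(void)
{
    const size_t sizes[] = { 3, 4, 40, 78, 79 };

    printf("%-5s %-22s %-22s\n", "size", "vulnerable", "hardened");
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        size_t n = sizes[i];
        printf("%-5zu status=%d oob=%-11zu status=%d oob=%zu\n", n,
               call_status(vulnerable_control_unit, n),
               clobbered_bytes(vulnerable_control_unit, n),
               call_status(hardened_control_unit, n),
               clobbered_bytes(hardened_control_unit, n));
    }
    return 0;
}
```

Running it shows the shape of the bug: a 3-byte buffer is rejected by both versions, a 4-byte buffer passes the vulnerable check and receives 75 bytes past its end, the overflow shrinks by one byte per extra byte of buffer until 79 where it vanishes, and the hardened handler rejects everything below 79 while writing nothing outside the buffer. The fix is the general one for CWE-805: the length used for the copy must be derived from, or checked against, the size the caller declared, not from the size of the data being copied.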
Potential Impact
For European organizations the exposure is concentrated in fleets of Dell business laptops with ControlVault (BCM5820X) hardware, common in government, finance, healthcare and critical infrastructure, where the chip backs fingerprint, smart card and NFC logon and holds credential material. A successful exploit corrupts memory in the ControlVault driver path, which in the worst case yields privilege escalation or arbitrary code execution that bypasses security controls and exposes sensitive data; the out-of-bounds read side can leak adjacent driver memory, and a crash of the driver or device denies biometric and smart-card authentication until it recovers. Because the attacker needs local, user-level code execution, the realistic threat is an insider or commodity malware that already runs as a standard user and uses the bug to escalate on the endpoint, which is then a much stronger foothold for lateral movement. In environments under GDPR and similar data-protection regimes, a breach reached this way carries the usual legal and financial consequences on top of the operational impact.
Mitigation Recommendations
Fixed builds are already identified in the advisory, so the first step is to deploy Dell ControlVault3 5.15.14.19 or later and ControlVault3 Plus 6.2.36.47 or later across the fleet through Dell's ControlVault firmware and driver packages (Dell Command | Update or the Dell support site), then verify by inventorying the installed ControlVault driver and firmware versions rather than assuming the update applied. Because the trigger is an ordinary Windows Biometric Framework call from local code, the interim controls are about limiting what code can run and as whom: enforce least privilege for interactive users, and use application control (AppLocker or WDAC) so that only trusted, signed applications run on machines with ControlVault hardware. Note that standard Windows event logs do not expose the ControlCode or buffer sizes of individual WinBioControlUnit calls, so "ControlCode 2 with unusual buffer sizes" is not a signal you can pull from logs; realistic telemetry is EDR visibility into unexpected processes loading winbio.dll or talking to the Windows Biometric Service, plus crash and bugcheck reports involving the ControlVault WBDI driver, which can indicate failed exploitation attempts. Conduct regular security audits of devices using BCM5820X components, confirm that only trusted applications interact with the biometric hardware, educate users about the risks of running untrusted code or scripts, and keep an incident response plan that covers compromise of biometric and credential-storage hardware.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-04-15T21:17:08.088Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691ba72ebb922d226277cd87
Added to database: 11/17/2025, 10:52:30 PM
Last enriched: 11/17/2025, 11:07:30 PM
Last updated: 11/18/2025, 10:33:22 AM
Views: 10
Related Threats
- CVE-2025-41737: CWE-284 Improper Access Control in METZ CONNECT Energy-Controlling EWIO2-M (High)
- CVE-2025-41736: CWE-35 Path Traversal: '.../...//' in METZ CONNECT Energy-Controlling EWIO2-M (High)
- CVE-2025-41735: CWE-434 Unrestricted Upload of File with Dangerous Type in METZ CONNECT Energy-Controlling EWIO2-M (High)
- CVE-2025-41734: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in METZ CONNECT Energy-Controlling EWIO2-M (Critical)
- CVE-2025-41733: CWE-305 Authentication Bypass by Primary Weakness in METZ CONNECT Energy-Controlling EWIO2-M (Critical)